Hello folks,

I'm developing a tool for signing digital TV apps, and for testing I'm creating a lot of different test scenarios.

Well, using OpenSSL 1.0.0e to create a new certificate, signed by a snakeoil one, I got the following error:
--> The stateOrProvinceName field needed to be the same in the
--> CA certificate (SP) and the request (SP)

As it was just a test, I've changed openssl.conf to:
...
[ policy_match ]
countryName        = match
stateOrProvinceName    = optional
organizationName    = match
...

But then I get:
--> The organizationName field needed to be the same in the
--> CA certificate (ACME SA) and the request (ACME SA)

I can just put everything as optional, as it's just a test scenario and this issue is not in the scope of the test, but it made me wonder what was going on, as the Ubuntu distro version of OpenSSL (0.98 k) was not complaining, with the same conf. file.

Playing some more I came up with these steps to reproduce:
1) Using OpenSSL 0.9.8k
--> openssl ecparam -genkey -name prime256v1 -out ca.key
--> openssl req -new -key ca.key -out ca.csr -subj '/C=BR/ST=SP/L=Sao Paulo/O=ACME SA/OU=bank/CN=ACME root CA'
--> openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.pem
2) Now using OpenSSL 1.0.0e
--> openssl ecparam -genkey -name prime256v1 -out ecKey.pem
--> openssl req -new -key ecKey.pem -out client.csr -batch -subj '/C=BR/ST=SP/L=Sao Paulo/O=ACME SA/OU=bank/CN=ecdsaTest'
--> openssl ca -in client.csr -out client.pem -cert ca.pem -keyfile ca.key -startdate 110728133018Z -enddate 120728183030Z -batch -noemailDN
-- The organizationName field needed to be the same in the CA certificate (ACME SA) and the request (ACME SA)

Shouldn't this work or am I missing something?

Regards,
   Gabriel Marques.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
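
A diagnostic for a mismatch like the one reported above, added here as an example and not part of the original post: it walks two DER-encoded subject names and reports fields whose text is identical but whose ASN.1 string type differs. That the two OpenSSL versions encode the subject with different string types is an assumption the post does not confirm; the DER bytes are constructed samples and all function names are hypothetical.

```python
# Added example: constructed DER names, not bytes from the post's ca.pem or client.csr.
OIDS = {bytes.fromhex("550406"): "countryName", bytes.fromhex("550408"): "stateOrProvinceName",
        bytes.fromhex("55040a"): "organizationName"}
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x14: "T61String", 0x16: "IA5String"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def parse_name(der):
    """Map attribute name -> (ASN.1 string type, text) for a DER-encoded Name."""
    out = {}
    _, rdns, _ = read_tlv(der, 0)              # Name ::= SEQUENCE OF RDN
    for _, rdn in children(rdns):              # RDN ::= SET OF AttributeTypeAndValue
        for _, atv in children(rdn):           # SEQUENCE { OID, value }
            (_, oid), (tag, val) = list(children(atv))
            out[OIDS.get(oid, oid.hex())] = (STRING_TAGS.get(tag, hex(tag)), val.decode("utf-8", "replace"))
    return out

def tlv(tag, value):                           # short-form length only; the sample is small
    return bytes([tag, len(value)]) + value

def build_name(string_tag):                    # C is always PrintableString; ST and O use string_tag
    attrs = [("550406", 0x13, b"BR"), ("550408", string_tag, b"SP"), ("55040a", string_tag, b"ACME SA")]
    return tlv(0x30, b"".join(tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex(o)) + tlv(t, v))) for o, t, v in attrs))

def type_mismatches(ca_der, req_der):
    """Fields with equal text but different string type: {field: (ca_type, req_type)}."""
    ca, req = parse_name(ca_der), parse_name(req_der)
    return {k: (ca[k][0], req[k][0]) for k in ca if k in req and ca[k][1] == req[k][1] and ca[k][0] != req[k][0]}

CA_NAME = build_name(0x13)    # constructed: subject written as PrintableString
REQ_NAME = build_name(0x0C)   # constructed: same text written as UTF8String

if __name__ == "__main__":
    for field, (ca_t, req_t) in type_mismatches(CA_NAME, REQ_NAME).items():
        print(f"{field}: same text, CA is {ca_t}, request is {req_t}")
```

On real files, `openssl x509 -in ca.pem -noout -subject -nameopt multiline,show_type` and `openssl req -in client.csr -noout -subject -nameopt multiline,show_type` print the same per-field type information.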